Data Security and Integrity in a BYOD World
By Jeffrey Stephen Parker, Vice President of Technology, Stout Street Hospitality/Magnolia Hotels | January 20, 2013
Sit in any conference or meeting today and it is easy to see that tablets, smart phones and ultra portables have invaded the workplace. Enterprises are unable to keep up with the light-speed march of new devices, operating systems and form factors, leaving the door open for consumers to drive the need for using personally owned equipment with corporate information systems. Striking a balance between security and usability falls on the Information Technology infrastructure of your organization.
Magnolia's largest concern with allowing end users to bring their own devices was our strategy for protecting guest and team-member data in our environment. Many of these devices can hold an enormous amount of data that can simply be lost when a device is misplaced or a person departs the company. Contractual and legal obligations dictate many of the policies and solutions that Magnolia has deployed.
Back in the day, the IT department was able to control both ends of the mobile information security puzzle, owning both the devices and any back-end hardware storing and communicating the data. Closed systems made it easier to encrypt and control information out in the wild. Dramatic changes have forced IT service groups to become more flexible, often allowing unfamiliar devices with various screen sizes, operating systems and connectivity levels onto networks designed to protect sensitive information.
According to Forrester, fifty-three percent of information workers and over seventy-seven percent of executives are using personal devices. Forrester predicts that within 36 months, BYOD will shift from a voluntary program to an enterprise-mandated model.
BlackBerry was the pioneer in delivering the mission-critical application (email) to business professionals all over the world. Servers were installed in corporate data centers, connecting email servers to the original king of portable devices. Information release could be controlled and monitored, and information could even be removed remotely if needed. Apps were virtually unheard of, with data to the devices being relatively slow and the development community focusing on making spreadsheets work. RIM's solution was an important piece of how enterprises extended email, and eventually contacts and calendaring, from products once tethered only to desktops.
Apple started the problem with the iPhone and exacerbated it with the iPad, but users are now demanding that any number of devices be able to connect to their mission-critical (or seemingly critical) information. Forrester points out that over sixteen percent of BYOD workers installed unsupported software on their device.1 Personal devices have personal accounts and little, if anything, to prevent users from installing any app they wish. Unlike locked-down laptops and corporate-issued phones, personal devices can open real security threats to your networks.